Commit 63eb1e4b authored by Jesper Juhl's avatar Jesper Juhl Committed by Jaroslav Kysela
Browse files

[ALSA] fix potential NULL pointer deref in snd_sb8dsp_midi_interrupt()



First testing if a pointer is NULL and if it is (or might be), proceeding
with code that dereferences that same pointer is clearly a mistake.
This happens in sound/isa/sb/sb8_midi.c::snd_sb8dsp_midi_interrupt()
The patch below reworks the code so this unfortunate case doesn't happen.
Also remove some blank comments.
Found by the Coverity checker as bug #367
Patch is compile testted only due to lack of hardware.
Signed-off-by: default avatarJesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Takashi Iwai's avatarTakashi Iwai <tiwai@suse.de>
parent 6540dffa
......@@ -32,20 +32,22 @@
#include <sound/core.h>
#include <sound/sb.h>
/*
*/
irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb * chip)
irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb *chip)
{
struct snd_rawmidi *rmidi;
int max = 64;
char byte;
if (chip == NULL || (rmidi = chip->rmidi) == NULL) {
if (!chip)
return IRQ_NONE;
rmidi = chip->rmidi;
if (!rmidi) {
inb(SBP(chip, DATA_AVAIL)); /* ack interrupt */
return IRQ_NONE;
}
spin_lock(&chip->midi_input_lock);
while (max-- > 0) {
if (inb(SBP(chip, DATA_AVAIL)) & 0x80) {
......@@ -59,10 +61,6 @@ irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb * chip)
return IRQ_HANDLED;
}
/*
*/
static int snd_sb8dsp_midi_input_open(struct snd_rawmidi_substream *substream)
{
unsigned long flags;
......@@ -252,10 +250,6 @@ static void snd_sb8dsp_midi_output_trigger(struct snd_rawmidi_substream *substre
snd_sb8dsp_midi_output_write(substream);
}
/*
*/
static struct snd_rawmidi_ops snd_sb8dsp_midi_output =
{
.open = snd_sb8dsp_midi_output_open,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment